3107 matches found

Exploit DB
added 2017/09/12 12:0 a.m., 40 views

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (1)

Let's start with JS code. let o = ; for let i in xx: 0 oi; 0; i-- ForInContext& context = mforInContextStacki - 1.get; if context.local != property continue; if !context.isValid break; if context.type == ForInContext::IndexedForInContextType property = staticcastcontext.index; break;...

7.4 AI score
Exploits: 0

Huawei
added 2017/09/01 12:0 a.m., 25 views

Security Advisory - Privilege Escalation Vulnerability in Some Huawei APKs

Some Huawei APKs have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead t...

7.1 CVSS, 6.9 AI score, 0.0061 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2017/08/30 9:0 p.m., 16 views

CVE-2017-1443

IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 12810...

5.8 AI score, 0.00977 EPSS
Exploits: 0, References: 3

Hacker One
added 2017/08/11 9:0 a.m., 22 views

Quora: XSS when clicking "Share to Twitter" at quora.com/widgets/embed_iframe?path=...

Summary: The endpoint at https://language.quora.com/widgets/embed_iframe?path=pathtoanswerinsamelanguage shows the answer you specify in path like /Question/answer/User in a format useful to embed. There is one button Share that when clicked shows another button Share to Twitter. The href attribut...

6.8 AI score
Exploits: 0

Prion
added 2017/08/09 6:29 p.m., 16 views

Cross site scripting

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5 CVSS, 6.2 AI score, 0.00729 EPSS
Exploits: 0, References: 3, Affected Software: 2

Prion
added 2017/08/01 3:29 p.m., 12 views

Cross site scripting

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

4.3 CVSS, 6 AI score, 0.0295 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2017/08/01 3:29 p.m., 16 views

CVE-2017-12062

An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...

6.1 CVSS, 6.7 AI score
Exploits: 0, References: 5

CVE
added 2017/08/01 3:0 p.m., 60 views

CVE-2017-12061

CVE-2017-12061 affects MantisBT installations via admin/install.php, with XSS caused by unsanitized user-controlled variables in the installer (notably $f_database, $f_db_username, $f_admin_username). Vulnerable versions are MantisBT < 1.3.12 and

6.1 CVSS, 6 AI score, 0.0295 EPSS
Exploits: 0, References: 6, Affected Software: 1

Prion
added 2017/07/31 9:29 p.m., 15 views

Cross site scripting

IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

3.5 CVSS, 5.1 AI score, 0.0054 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/07/31 9:29 p.m., 18 views

CVE-2017-1332

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234...

6.1 CVSS, 5.8 AI score, 0.00977 EPSS
Exploits: 0, References: 3

CVE
added 2017/07/24 9:0 p.m., 47 views

CVE-2016-8975

IBM Rhapsody DM 5.0–6.0 is affected by a cross‑site scripting vulnerability in the Web UI that can lead to credentials disclosure within a trusted session. The issue arises from improper input handling in the Web UI, enabling arbitrary JavaScript execution. Remediation per the IBM bulletins is to...

5.4 CVSS, 5.2 AI score, 0.0072 EPSS
Exploits: 0, References: 3, Affected Software: 1

The Hacker News
added 2017/07/21 7:23 a.m., 18 views

Dark Web Users Suspect "Dream Market" Has Also Been Backdoored by Feds

By now you might be aware of the takedown of two of the largest online dark websites—AlphaBay and Hansa—in what's being called the largest-ever international operation against the dark web's black market conducted by the FBI, DEA (Drug Enforcement Agency) and Dutch National Police. But the...

6.8 AI score
Exploits: 0

OpenVAS
added 2017/07/20 12:0 a.m., 17 views

Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...

6.1 CVSS, 6.1 AI score, 0.0128 EPSS
Exploits: 0, References: 1

Cisco
added 2017/07/19 4:0 p.m., 25 views

Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validatio...

6.1 CVSS, 6 AI score, 0.0128 EPSS
Exploits: 0, References: 1

NVD
added 2017/07/12 5:29 p.m., 13 views

CVE-2016-8948

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...

5.4 CVSS, 5.2 AI score, 0.00729 EPSS
Exploits: 0, References: 3

Prion
added 2017/07/05 6:29 p.m., 15 views

Cross site scripting

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

3.5 CVSS, 6.2 AI score, 0.00717 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2017/07/05 1:0 p.m., 22 views

CVE-2017-1217

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857...

6 AI score, 0.01077 EPSS
Exploits: 0, References: 4

Hacker One
added 2017/06/30 11:10 p.m., 12 views

Khan Academy: XSS through document projects

Hello, I'm Ethan Luis McDonough @elmt2 on Khan Academy, and I found a way to inject scripts into document projects. Since KA document projects output HTML, I can edit the PUT request that updates projects https://www.khanacademy.org/api/internal/scratchpads/ID and inject JavaScript code inside an...

6.8 AI score
Exploits: 0

Packet Storm
added 2017/06/25 12:0 a.m., 32 views

PHPMailer Cross Site Scripting

Title : PHPMailer alert'XSS' == Contact Me : Telegram : @ShahabShamsi Email : [email protected] WebSilte : WwW.iran123.Org...

Exploits: 0

Prion
added 2017/06/21 7:29 p.m., 12 views

Cross site scripting

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser...

4.3 CVSS, 5.9 AI score, 0.00825 EPSS
Exploits: 0, References: 2, Affected Software: 1